BLING Blockchain use-case: The red button – an emergency brake for people in financial distress

Central Judical Collection Agency
CJIB – Dutch Centraal Justitieel Incassobureau
BLING Final Book article
Reading Level
Readiness criterium
Blockchain architecture, Business Need, Data handling, Legal Requirements, Mandate


The ‘Red Button’ (aka ‘Financial Emergency Brake’) project allows citizens to tell the Dutch Government and debt agencies that they are unable to pay their debts. The privacy-centric system links this declaration with certification from local services that they are providing debt support.

Almost 8% of Dutch households have debt problems. What’s the best way to coordinate help for them?

CJIB – Dutch Centraal Justitieel Incassobureau
Dewi Delhoofen – Dutch Association of Municipalities Koen Hartog – Dutch Blockchain Coalition

Helping citizens in financial distress

Almost 8% of Dutch households have financial problems of some description. As a result, cities and municipalities across the Netherlands provide services to support citizens with debts or who have trouble managing their finances. The challenges people in financial difficulties face usually involve multiple companies, multiple agencies, and multiple services, all of which need to be co-ordinated to successfully help citizens.

People with debts often do not seek immediate help – for a variety of reasons. As a result, their debt situation can deteriorate and become even more complex. When they do request support, it can take a while for the agencies helping them to get a clear picture of the entire circumstances of their situation. While local services are trying to understand what help is needed, creditors are continuing to request repayment or attempting to recover/collect their debts, which causes the citizen further stress and possibly sees their debts increase.

Many local debt assistance services recognised that it would be useful to have some form
of ‘pause’ button for people who cannot pay their financial/debt arrears – which would temporarily pause debt collection efforts. This would stabilise the situation and create a period of (debt) peace so local services can then work on developing a supported solution without the citizen being affected by the continued stress of ongoing debt collection efforts. Examples of this include the City of Amsterdam with the ‘Pause Button’ and the VNG (Association of Dutch Municipalities) with their ‘Blue Button’. In these scenarios once the Municipality has been in touch with the citizen’s creditors, the creditors ‘pause’ efforts to collect debts and arrears while the citizen and local debt services review how the citizen can be best If citizens can own their own data and distribute it, then that is a huge change in how governments work with (and help) citizens.

Developing a national approach to innovation

The CJIB (Centraal Justitieel Incassobureau/ Central Judicial Collection Agency) is part of the Dutch Ministry of Justice and Security. It is responsible for collecting a range of fines and penalties in the Netherlands. In 2017 the CJIB founded an Innovation Lab to find solutions for complex issues – like ‘how can government agencies exchange information that will help vulnerable citizens, whilst still complying with GDPR?’ – using a combination of data and new technologies – like blockchain.

supported to address their financial situation. Amsterdam’s Pause Button used a ‘traditional’ pause button approach: the citizen with financial challenges seeks help from the Municipality, and the Municipality then gives some form of signal to 3rd parties (debt collectors, debt owners, other agencies) that the citizen was being supported. The citizen is not actually involved in the information sharing. In this case the citizen has no ability to control their own data (from the Municipality) or to manage how their own data is then used.

Can we change this to a situation where citizens are able to get – and then share – their own information from municipalities?

Addressing personal debt and finance problems

Nearly 1.4 million Dutch households have financial problems. The impact of financial problems and having debts on people is worrying; this is why the Dutch government wants to help people to avoid – and get out of – debt. The Dutch government aims to balance the interests of the debtor and those of the creditor, and not to overlook the social causes of debt. All creditors should be more aware of the circumstances of debtors and collect debts in a socially responsible manner – this includes government organizations, such as the tax authorities and the CJIB.

For these reasons, it is important to CJIB to be able to make the distinction between a) those people who want to pay their debts but can’t, and b) those people in debt who are able to pay but won’t.

People who cannot pay a claim can now come to an agreement as to how to the debt can be paid, which helps prevent debt problems from worsening. To identify the people who want to pay their fines to the CJIB, but can’t, and to provide them with services and time to fulfil their obligations, the CJIB needs to receive a timely signal that the citizen is in debt. CJIB has developed an algorithm call Debt Alert, which tries to predict whether someone is at risk of either going into debt or being in debt.

The problem the CJIB faces is that many citizens with debt problems do not tell the CJIB about their situations, and letters to them are often left unopened. The gravity of their debt problems often only becomes apparent very late in the debt collection process – when it reaches debt collectors or the courts. If the CJIB had known the scale of the individual’s debt problem earlier a lot of time, money, and stress could be saved, and the debt issue could be better managed.

However, CJIB understands that these citizens are often in contact with their municipalities and using local debt help/debt relief services. Knowing this, CJIB developed the idea of the ‘Financial Emergency Brake’ (also known as the ‘Red Button’ or ‘Rode Knop’).

Introducing the ‘Financial Emergency Brake’

With funding of two parts of the Ministry of Justice (Innovation-team J&V and DGSenB) , BLING, the Cyber Security Group of the Delft University of Technology (TU Delft), Ledger Leopard, and were able to develop the ‘Financial Emergency Brake’, a proof of concept for a service for citizens and government organizations that helps support citizens with financial or debt problems. This was in response to calls for a national approach to supporting citizens with financial problems. The Financial Emergency Brake allows citizens to directly flag to the CJIB when they are unable to pay government fines. The system allows citizens to maintain their privacy, while linking this declaration with certification from local services (and local municipalities) that local services are providing debt support.

The Financial Emergency Brake can help with timely identification of debt problems.
In addition, it can potentially prevent someone’s debts from worsening. As such, this application contributes towards the Dutch government’s wider debt reduction strategy. In 2019 the prototype was developed using blockchain technology, based on the principles of privacy and citizen-centred sharing.

The proof of concept aimed to use blockchain’s identity- and information-management tools, together with a zero-knowledge proof (a system where one party can prove to another that they know a piece of information, without conveying any other information apart from the fact that they know the information).

Why blockchain?

For the CJIB, technology is a means to an end, and not and end in itself – so they investigate how different technologies can help them achieve their objectives. For the Financial Emergency Break-pilot, the CJIB looked for a suitable technological alternative to using centralized or siloed data stores. Any solution needed to allow participating organisations to easily exchange information in a safe and legal manner, whilst maximising
citizen’s control over their data. These two requirements would “GDPR-proof” the solution.

The CJIB decided to use blockchain as part of our solution for three main reasons:

  1. It was important that no single partner should have control over all of the data – a decentralized chain of trust is required
  2. Blockchain-enabled solutions can provide citizens with tools to control their own data in a private and secure way
  3. The solution would be more stable because it uses a distributed approach, so there would not be a single point
    of failure

The blockchain solution for the Financial Emergency Brake was expected to use two key technical approaches: Self Sovereign Identity with a Zero Knowledge Proof.

Self Sovereign Identity (SSI) is an approach where people and businesses can store, manage and share their attributes or credentials on a blockchain. These credentials can be efficiently shared with other parties that

can then validate these credentials, without having to rely on a central repository of user or system data. SSI is a digital way of doing what people do today when they hand over their paper-based driver’s licence or passport as part of a verification/identification process.

Zero knowledge proof (ZKP). Any information claim or credential can be proven using a zero-knowledge proof – a computer-based algorithmic solution. This means that a computer ‘game’ can be designed between

a prover and a verifier where the prover has knowledge of some information (e.g.
in this situation particular details about their financial situation – perhaps that they are receiving a certain type of financial support – the ‘claim’), and is able to prove that their

claim to know this is true – without revealing the actual details of the information to the verifier.

Lessons learned during prototype development

CJIB learned two main lessons during the development of their pilot. Firstly, that there are multiple blockchain technology stacks, each with different structural/design/ architectural properties. Which one to use is a matter of deciding what stack is most ‘fit for purpose’ – i.e. which meets most of the pilot’s requirements.

Unfortunately, there was no single technology stack that covered all of CJIB’s different requirements: authentication, access control, secure communication, confidentiality related mechanisms, and so on.

CJIB thus had to choose between two options:

  1. wait until there is a complete blockchain stack/solution is developed that meets all of the pilot’s requirements (this might take some time), or
  2. adopt one specific blockchain technology stack, and then customize it by adding the desired components.

CJIB chose to do the latter.

Secondly, CJIB learned that the privacy related tools that they wanted to use – such as Zero Knowledge Proofs – proved to not to be as mature as hoped, and that existing implementations were very limited and not ‘ready-to-use’ off the shelf.

What was required to deliver practical solutions f or private data sharing in a distributed network was joint work between researchers and software developers, particularly focusing on:

Development of a more complete blockchain technology with needed components,

Development of secure and properly implemented, computationally efficient cryptographic protocols, including Zero-Knowledge Proofs.

This is what the CJIB did in a triple-helix collaboration between the government, the private sector and the knowledge sector.

Testing a proof with real people 2017 saw their first assessment on how to tackle this – and a theoretical/paper model was developed setting out how a system using self-sovereign identity and zero-knowledge proofs might work. Zero knowledge proofs were very much theoretical ideas at the time, so CJIB wanted to test them more thoroughly. CJIB decided to move forward and build a proof of concept, and the University of Delft advised CJIB on the selection of a proposal from the 4 applications they’d received.

Ledger Leopard was selected by Delft University to build a prototype, which was then technically assessed by Delft, and then legally assessed by CMS Law to ensure the solution was GDPR compliant.

A key question for CJIB was whether this proposed service provided added value – the test was showing tool to people in financial difficulty and seeing if they could use it, if they liked it, and if they saw it as a potential solution to the challenges they were facing. This was done
in late 2021, when CJIB tested this approach with 80 citizens in two Dutch municipalities – Eindhoven and The Hague. The feedback from

testers was overwhelmingly positive – testers wanted to use it now or to have access to it if they were in difficulties. This solution allows those in debt troubles to show that they are in the municipal financial aid process, and they can then share this information with other third parties (like the CJIB, or debt agencies) via a federated signal (through the blockchain?).

Next steps

Following the successful testing of the pilot, the Dutch Ministry of Social Affairs and Employment was asked to support the building of a single solution for all municipalities and debt organisations in Holland. There was real local support for every local pilot, but there was also a recognition that a universal service was needed where all parties would use the same service.

In February 2022 the Ministry of the Interior gave an enthusiastic go-ahead for a national approach. Sessions with stakeholders confirmed the great demand for the service and for a national approach. The Ministry has been asked to identify at any legal requirements that are necessary so that all parties (government and private) can be required to use the same solution.

Stakeholders are currently looking at delivering an expanded solution that actually has 4 different financial pause buttons – because people with different types of financial problems have different support and signalling needs. People are in debt for many reasons – for example they may have psychological problems that need support.

While the Red Button approach allows citizens to flag that they’ve asked for support as they are in financial trouble, it would be helpful to have a support stage before this – before citizens are in debt trouble but useful if citizens recognise that they’re likely to face debt challenges and are seeking assistance.

Signal 1
The citizen isn’t yet in financial trouble but thinks they may need financial help and are going to ask for help

Signal 2
The citizen has been in contact with their Municipality and has agreed on some form of support, and the Municipality gives the citizen validated attributes/certification that they can share with other parties to prove that they are receiving municipal support with their debt problems (this is the Red Button use case).

Signal 3
This shows that the citizen is getting specialised debt aid from Municipality

Signal 4
The citizen has had support and is now in the position to make some different agreements with debt collectors etc.

Dutch stakeholders are also exploring building a data layer that connects private and public partners for appropriate data sharing. It is currently possible to share data some data within the ‘public’ world – i.e. from government to government – but success for the Red Button would be helped by being able to share data with the private sector – with the citizen’s permission (possibly via self-sovereign identity management).

Stakeholders are working with the Dutch Ministry of the Interior to develop this approach – as the Ministry leads on a lot of the Dutch digital infrastructure, and this will help this to become a country-wide solution. The Ministry thinks the Red Button is a good Proof of Concept which will facilitate many other use cases in Holland.

Delivering the Red Button – Blockchain and API approaches

The Red Button service will be delivered via a web application. As blockchain is still a new technology and challenging for some organisations, an API (Application Programming Interface) for the service is available for municipalities that don’t want to use a blockchain solution.

The success of getting all the municipalities on board will be through giving participating organisations different organisational/ technical options for how they participate in the solution – be it by using the central Blockchain, by using a municipal Blockchain, or through the API approach. By giving municipalities different technical options they then don’t have to spend a considerable amount of time debating internally about whether they are comfortable or willing to use blockchain – making a standalone solution with API access it makes it easier for municipalities to buy in. No organisation will be forced to use blockchain – but most will, as it’s built into the default solution. Organisations that choose not to use a blockchain-enabled solutions will still be able to use the Red Button service. It will still be possible to give citizens control of their own data in other ways, and municipalities will still be able to send validated information to debt companies – but in this case it will be government data about the citizen that the Municipality is sharing, not the citizen’s data.

Technical and organisational lessons

CJIB’s project was an important application of Self Sovereign Identity. Using the same methodology and building blocks (no pun intended), organisations can create a wide range of privacy-preserving governmental services. Any situation where information sharing between organizations can benefit vulnerable citizens would be a good candidate for this type of solution.

This pilot did two things governments talk about a lot – using as little data as possible to provide a service to citizens, and allowing people to control their own data and what is shared through the use of self-sovereign identity. This is not the standard way of interacting with a government agency, but this solution with CJIB/Eindhoven/Hague does both of these things and is a great example of delivering a different type of digital service to citizens.

One of the key lessons from this project is that it developed a shared solution – and in these cases a lot more groundwork needs to be done, when compared to the situation were one entity provides a solution and organisations can decide whether or not to use it.

CJIB and their partners also learned the implications of working with a new and emerging technology. Blockchain is still very young and still needs to mature, and a lot of the issues reflect that it’s still at a relatively early stage.

Going forward, solutions like this also raise the question of where services should
be designed and delivered – and how decentralised technology leads to wider questions about decentralised services. Should we provide some services centrally, or look for more decentralised solutions?